π΅οΈββοΈ Will 2025 See a Rise of NHI Attacks? π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The flurry of nonhuman identity attacks at the end of 2024 demonstrates extremely strong momentum heading into the new year. That does not bode well.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
Will 2025 See a Rise of NHI Attacks?
The flurry of non-human identity attacks at the end of 2024 demonstrates extremely strong momentum heading into the new year. That does not bode well.
π¦Ώ How to Create a Secure Username π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Discover how to create a unique and secure username for your online accounts, and find out why its just as important as having a strong password.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
How to Create a Secure Username
Discover how to create a unique and secure username for your online accounts, and find out why itβs just as important as having a strong password.
βοΈ MasterCard DNS Error Went Unnoticed for Years βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent 300 to register the domain and prevent it from being grabbed by cybercriminals.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted forβ¦
π₯1
π§ 2024 Cloud Threat Landscape Report: How does cloud security fail? π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40 of all data breaches involved data distributed across multiple environments, meaning that these bestlaid plans often fail in the cloud environment. Not surprisingly, many organizations find keeping a robust security posture The post 2024 Cloud Threat Landscape Report How does cloud security fail? appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
2024 Cloud Threat Landscape Report: How does cloud security fail?
New data from X-Force research sheds light on the most common failed rules in cloud and hybrid security, and what organizations can do about it.
ποΈ Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security DHS. "In alignment with the Department of Homeland Security's DHS commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors are exploiting an unspecified zeroday vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denialofservice DDoS attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π PlushDaemon APT Targeted South Korean VPN Software π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
PlushDaemon APT Targeted South Korean VPN Software
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign
π Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA
π 73% of UK Education Sector Hit by Cyber-Attacks in Past Five Years π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New ESET research reveals that 73 of UK educational institutions experienced at least one cyberattack or breach in the past five years.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
73% of UK Education Sector Hit by Cyber-Attacks in Past Five Years
New ESET research reveals that 73% of UK educational institutions experienced at least one cyber-attack or breach in the past five years, with 20% reporting three or more incidents
π Ransomware Attacks Surge to Record High in December 2024 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
NCC Group observed 574 global ransomware attacks in December, the highest monthly volume it has recorded.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ransomware Attacks Surge to Record High in December 2024
NCC Group observed 574 global ransomware attacks in December, the highest monthly volume it has recorded
π΅οΈββοΈ Chinese Cyberspies Target South Korean VPN in Supply Chain Attack π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Chinese APT Targets Korean VPN in Supply Chain Attack
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.
π΅οΈββοΈ Trump Pardons 'Silk Road' Dark Web Drug Market Creator π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The pardon comes after 11 years in prison for Ross Ulbricht, who was sentenced to life without parole on several charges, including computer hacking, distribution of narcotics, and money laundering.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Trump Pardons 'Silk Road' Dark Web Market Creator
The pardon comes after 11 years in prison for Ross Ulbricht, who was sentenced to life without parole on several charges, including computer hacking, distribution of narcotics, and money laundering.
π΅οΈββοΈ Trump Overturns Biden Rules on AI Development, Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The new administration moved quickly to remove any constraints on AI development and collected 500 billion in investment pledges for an Americanowned AI joint venture.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Trump Overturns Biden Rules on AI Development, Security
The new administration moved quickly to remove any constraints on AI development, and collected $500 billion in investment pledges for an American-owned AI joint venture.
ποΈ TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and onpremise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE202520156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed details of a new BackConnect BC malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber Intelligence team told The Hacker News. "The BackConnects in use were 'DarkVNC' alongside the IcedID.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Trump Pardons Silk Road Founder Ulbricht π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
President Trump has pardoned the founder of original dark web marketplace Silk Road.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Trump Pardons Silk Road Founder Ulbricht
President Trump has pardoned the founder of original dark web marketplace Silk Road
π±1
π New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cybercriminals are selling access to the malicious GenAI chatbot via Telegram, providing rapid assistance for a range of nefarious activities, according to Abnormal Security.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing
Cybercriminals are selling access to the malicious GenAI chatbot via Telegram, providing rapid assistance for a range of nefarious activities, according to Abnormal Security
π€1
ποΈ How to Eliminate Identity-Based Threats ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Despite significant investments in advanced technologies and employee training programs, credential and userbased attacks remain alarmingly prevalent, accounting for 5080 of enterprise breaches1,2. While identitybased attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access SMA 1000 Series appliances that it said has been likely exploited in the wild as a zeroday. The vulnerability, tracked as CVE202523006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Preauthentication deserialization of untrusted data vulnerability has been identified in the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ New Research: The State of Web Exposure 2025 ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Are your websites leaking sensitive data? New research reveals that 45 of thirdparty apps access user info without proper authorization, and 53 of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risksdownload the full report here. New research by web exposure management specialist Reflectiz reveals several.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity